Responsible Disclosure

Report a security
vulnerability

Found a security issue? We appreciate responsible disclosure. Please email us with details so we can address it quickly.

SOC 2 Type IIGDPRCCPATLS 1.3AES-256

Email us directly

The fastest way to report a vulnerability.

security@functionfly.com

What to include

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Affected component or system
  • Proposed fixes (optional)

Our commitment

24h

Acknowledgment

We confirm receipt of your report within 24 hours.

7d

Initial assessment

We provide an initial assessment and expected timeline within 7 days.

90d

Resolution

We target resolving critical issues within 90 days of confirmation.

Scope

In scope

  • Production systems and APIs
  • FunctionFly dashboard and website
  • Authentication and authorization flaws
  • Data exposure or integrity issues
  • Cryptographic vulnerabilities
  • Server-side request forgery (SSRF)
  • Injection attacks (SQL, XSS, etc.)

Out of scope

  • Social engineering attacks
  • Physical security testing
  • Denial of service attacks
  • Attacks on third-party services
  • UI/UX issues without security impact
  • Feature requests
  • Third-party library vulnerabilities

Recognition

We credit researchers who responsibly disclose security vulnerabilities in our Hall of Fame. With your permission, we will list your name or alias alongside the resolved vulnerability.

For significant discoveries, we may offer bug bounty rewards. Our security team will discuss this on a case-by-case basis.

Other security contacts

Privacy concerns

Questions about data handling or privacy issues.

privacy@functionfly.com

General legal

Contract notices and legal correspondence.

legal@functionfly.com

Ready to report?

Email us at security@functionfly.com with your findings.